The Transifex endpoint should support webhook security

[matthewjackowski]

See here for details:
http://docs.transifex.com/integrations/webhook/#verifying

[ankon]

Supposedly https://github.com/transifex/txgh/blob/master/lib/txgh/transifex_request_auth.rb does implement that, doesn't it?

But: The existing code is extremely under-documented, and I do not feel able to replicate that in another language without a clear description of what exactly has to be done. I'm also concerned that the logic to serialize the parameters depends on the iteration order, which minimally isn't documented, and very likely isn't stable -- or maybe it is only stable across some ruby versions and variants.

See also https://github.com/Collaborne/txgh/issues/1 :)

[matthewjackowski]

@ankon Thanks for this.
I definitely can add some documentation to clarify how the authentication works.

However I'm not sure about your concern about 'stability'. I think the best way to address this would be to write a test such that it's easy to evaluate if there is a condition that could cause verification to fail. If you could give me a specific example of the state, I can add it.

[matthewjackowski]

Also note...while we are in process of updating our documentation. I have this video which shows how to calculate the verification in Python: https://www.youtube.com/watch?v=zl-fa0Pp5K0
Note: There is no audio, but there are English subtitles that explain the steps and how to test it.